The Executive Guide to Information Security: Threats, Challenges, and Solutions Paperback – Nov 30 2004

Product Details

  • Paperback: 288 pages
  • Publisher: Addison-Wesley Professional; 1 edition (Nov. 30 2004)
  • Language: English
  • ISBN-10: 0321304519
  • ISBN-13: 978-0321304513
  • Product Dimensions: 23 x 18 x 1 cm
  • Shipping Weight: 399 g
  • Average Customer Review: 5.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: #1,024,050 in Books

Customer Reviews

5.0 out of 5 stars

Most helpful customer reviews

Format: Paperback
This book is a very useful tool for getting non-IT executives to understand the imperative behind maintaining an information security management program.

Most Helpful Customer Reviews on (beta) 12 reviews
12 of 13 people found the following review helpful
Great resource, but boring at times Feb. 9 2005
By Dr Anton Chuvakin - Published on
Format: Paperback
A fun book on security for executives and managers? Unbelievable, you'd say? This one ("The Executive Guide to Information Security") comes pretty close.

On the down side, do not look at this book for technology coverage. Almost total lack of coverage of intrusion prevention, spyware, spam as well as some Symantec bias (understandable, considering the publisher) make this book much stronger on the policy, process and "big picture" coverage rather than on modern technical threats and countermeasures. Slightly confusing coverage of vulnerability management also falls in the same category. However, given the target audience of CEOs and CFOs, this is certainly excusable.

The book introduces the executives to basic security concepts such as "defense-in-depth", "people, process, technology", etc, and goes into details on using them for organizing security for their organizations.

I also appreciated the sections on planning and executing a security strategy and measuring security by using various included checklists and questionnaires. The 50-point security evaluation framework based on "best practices" was another valuable piece. The book also addresses one of the important questions of organizational security: in-house vs outsourced security.

Regulations and laws also occupy a significant part of the book. The coverage is high-level and provides few details, appropriate given the target audience. A section on future security was pretty insightful and enjoyable to read!

Overall, I think the book will be one of the first (and, so far, best) books about security for the "C-level" crowd.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal

9 of 11 people found the following review helpful
Excellent Reference for Executive Management Nov. 7 2004
By sixmonkeyjungle - Published on
Format: Paperback
Mark Egan and Tim Mather have done a great job in my opinion of boiling the wide range of topics and information related to corporate network security down to an "executive summary" highlighting the key areas that executive leadership needs to understand in order to make decisions and lead effectively.

This book provides an overview of the history and current state of information security and an appropriate amount of detail for an executive to understand trends in technologies and threats and how to assess risks, hire competent I.T. staff and a general overview of best practices and practical solutions.

The appendices provide a wealth of additional information such as template job descriptions for specific I.T. roles and a listing of information security web sites for reference.

This book covers a little about a lot, and even that lot is aimed at managers and executive leadership. Don't get this book if you are looking for details about any aspect of computer security or even if you are looking for a comprehensive, broad coverage of information security for the "working class". For executive leaders looking to gain an understanding of I.T. to ensure that their networks are properly protected, though, this is an excellent resource.

2 of 2 people found the following review helpful
More Phishing Analysis Dec 17 2004
By W Boudville - Published on
Format: Paperback
The authors write a timely management level briefing on the current key issues in information security. Directed at not just the CEO of any company, as the cover might suggest. The audience of this book arguably includes not just executives involved in IT, but also the technical IT personnel themselves who may, or rather, will, confront such issues on a daily basis.

Perhaps the most important section is Chapter 8, discussing future threats. It starts with an example of a phishing attack on a company. The chapter then goes on to describe possible trends in attacks over the next few years. Sadly, once past the phishing example, the chapter does not talk any more about phishing. Given the realities of book publishing, the chapter was probably written in the first half of 2004. Yet as 2004 draws to a close, it has seen a huge global rise in phishing. So the chapter is already somewhat dated, through no fault of the authors.

Were the chapter to be rewritten now (December 2004), I imagine phishing would, or should, receive far more detailed scrutiny. While it might be objected that phishing is only one type of attack, its current direct monetary costs to banks and the month on month rise in the frequency of attacks make it a prime menace.

3 of 4 people found the following review helpful
Should be the basis of an executive study group Dec 19 2004
By Charles Ashbacher - Published on
Format: Paperback
An effective security policy can only be the result of a systemic operation, which means that it must be supported at the executive level. To be supported, it must first be understood, therefore all executives must have a broad knowledge of the need for security and some of the particulars as to how it is implemented. This book provides that information.

While it is necessary to use some technical jargon in order to explain the basics of computer security, it is kept to a minimum. The three components of an effective security program: people, process and technology are each explained in a separate chapter. There are several questionnaire/checklist style worksheets, where you can fill them in and get some idea regarding the current status of your company. These are excellent ways to get a snapshot of how vulnerable your company is. One simple addition that many executives will find valuable is a collection of example job descriptions for security personnel. These positions are difficult to describe and fill, so even the smallest bit of assistance is of great value.

There are very few books that should be the subject of a study group of the executives of a company. This is one of them, each executive should be given a copy, and then forced to read and study it as a group. It is one of the few ways to guarantee that security is given the consideration that all executives need to apply. In these dangerous times, failure to do so can literally be a matter of life and death for some companies.

An Executive-level Resource... April 29 2008
By D. S. Thurlow - Published on
Format: Paperback Verified Purchase
Mark Egan's 2004 "The Executive Guide to Information Security" is, as promised, an executive guide, written in layman's language, for planning and executing information security policy in a corporate environment. Egan clearly understands the basics of good security planning and the challenges of the information environment in which business now operates; he marries the two to provide a step by step guide for the busy corporate executive.

Egan provides a framework and the necessary explanations to allow the business executive to understand the information security perimeter of his business. He identifies the essential components of a successful information security program and the information tools available to defend the business enterprise. The step by step development and execution of an information security program reinforces the importance of active ownership of the program and its results within the company or corporation, and the importance of ensuring that the security program facilitates the business of the business. Egan emphasizes the need for good metrics and constant monitoring; the successful information security program is a dynamic one.

Egan's guide is oriented on the business executive who thinks he needs an information security program (hint: he or she almost certainly does). Information technology tech-heads will find the book less specific on actual threats and countermeasures; any book published in 2004 would already be out of date at that level of detail.

"The Executive Guide to Information Security" is very highly recommended as a basic guide to the threats, challenges, and solutions of an information technology-based business environment.